pub struct ExpandedSecretKey {
    pub scalar: Scalar,
    pub hash_prefix: [u8; 32],
}
Contains the secret scalar and domain separator used for generating signatures.
This is used internally for signing.
In the usual Ed25519 signing algorithm, scalar and hash_prefix are defined such that
scalar || hash_prefix = H(sk) where sk is the signing key and H is SHA-512.
WARNING: Deriving the values for these fields in any other way can lead to full key
recovery, as documented in raw_sign and raw_sign_prehashed.
Instances of this secret are automatically overwritten with zeroes when they fall out of scope.
Fields
scalar: Scalar
The secret scalar used for signing.
hash_prefix: [u8; 32]
The domain separator used when hashing the message to generate the pseudorandom r value.
Implementations
impl ExpandedSecretKey
pub(crate) fn raw_sign<CtxDigest>(
    &self,
    message: &[&[u8]],
    verifying_key: &VerifyingKey,
) -> Signature
The plain, non-prehashed, signing function for Ed25519. CtxDigest is the digest used to
calculate the pseudorandomness needed for signing. According to the spec, CtxDigest = Sha512, and self is derived via the method defined in impl From<&SigningKey> for ExpandedSecretKey.
This definition is loose in its parameters so that end-users of the hazmat module can
change how the ExpandedSecretKey is calculated and which hash function to use.
pub(crate) fn raw_sign_byupdate<CtxDigest, F>(
    &self,
    msg_update: F,
    verifying_key: &VerifyingKey,
) -> Result<Signature, SignatureError>
Sign a message provided in parts. The msg_update closure will be called twice to hash the
message parts. This closure MUST leave its hasher in the same state (i.e., must hash the
same values) after both calls. Otherwise it will produce an invalid signature.
impl ExpandedSecretKey
pub fn from_bytes(bytes: &[u8; 64]) -> Self
Construct an ExpandedSecretKey from an array of 64 bytes. In the spec, the bytes are the
output of a SHA-512 hash. This clamps the first 32 bytes and uses them as a scalar, and uses
the second 32 bytes as a domain separator for hashing.
pub fn from_slice(bytes: &[u8]) -> Result<Self, SignatureError>
Construct an ExpandedSecretKey from a slice of 64 bytes.
Returns
A Result whose okay value is an EdDSA ExpandedSecretKey or whose error value is a
SignatureError describing the error that occurred, namely that the given slice’s length
is not 64.
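The byte layout that from_bytes and from_slice describe, as an added std-only Rust sketch (not ed25519-dalek's own code). The type and function names are hypothetical, the clamping masks are the ones RFC 8032 specifies for Ed25519, and the crate's conversion of the clamped bytes into a Scalar is not modeled.

```rust
// Added illustration, not ed25519-dalek source. `ExpandedLayout`,
// `split_and_clamp` and `split_and_clamp_slice` are hypothetical names.
#[derive(Debug, PartialEq)]
pub struct ExpandedLayout {
    /// First 32 input bytes after clamping (little-endian integer).
    pub scalar_bytes: [u8; 32],
    /// Second 32 input bytes, copied unchanged.
    pub hash_prefix: [u8; 32],
}

/// Models the `from_bytes` description: clamp the first half, keep the second.
pub fn split_and_clamp(bytes: &[u8; 64]) -> ExpandedLayout {
    let mut scalar_bytes = [0u8; 32];
    let mut hash_prefix = [0u8; 32];
    scalar_bytes.copy_from_slice(&bytes[..32]);
    hash_prefix.copy_from_slice(&bytes[32..]);
    // Ed25519 clamping (RFC 8032): clear the low 3 bits, clear bit 255, set bit 254.
    scalar_bytes[0] &= 0b1111_1000;
    scalar_bytes[31] &= 0b0111_1111;
    scalar_bytes[31] |= 0b0100_0000;
    ExpandedLayout { scalar_bytes, hash_prefix }
}

/// Models the `from_slice` description: the only rejection is a length other than 64.
pub fn split_and_clamp_slice(bytes: &[u8]) -> Result<ExpandedLayout, String> {
    if bytes.len() != 64 {
        return Err(format!("expected 64 bytes, got {}", bytes.len()));
    }
    let mut fixed = [0u8; 64];
    fixed.copy_from_slice(bytes);
    Ok(split_and_clamp(&fixed))
}

/// Constructed sample input standing in for a SHA-512 output: 0xff, 0xfe, ...
pub fn sample_input() -> [u8; 64] {
    let mut input = [0u8; 64];
    for (i, b) in input.iter_mut().enumerate() {
        *b = 0xff - i as u8;
    }
    input
}

fn main() {
    let layout = split_and_clamp(&sample_input());
    println!("scalar[0]  = {:#04x}", layout.scalar_bytes[0]);
    println!("scalar[31] = {:#04x}", layout.scalar_bytes[31]);
    println!("prefix[0]  = {:#04x}", layout.hash_prefix[0]);
    println!("63 bytes rejected: {}", split_and_clamp_slice(&[0u8; 63]).is_err());
}
```

Any 64 bytes are accepted, including all zeroes, because only the length is validated; how the bytes were derived is the caller's responsibility, which is what the WARNING above concerns.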
Trait Implementations
impl ConstantTimeEq for ExpandedSecretKey
impl Debug for ExpandedSecretKey
impl Drop for ExpandedSecretKey
Available on crate feature zeroize only.
impl From<&[u8; 32]> for ExpandedSecretKey
The spec-compliant way to define an expanded secret key. This computes SHA512(sk), clamps the
first 32 bytes and uses them as a scalar, and uses the second 32 bytes as a domain separator for
hashing.
fn from(secret_key: &SecretKey) -> ExpandedSecretKey
impl From<&ExpandedSecretKey> for VerifyingKey
fn from(expanded_secret_key: &ExpandedSecretKey) -> VerifyingKey
Derive this public key from its corresponding ExpandedSecretKey.
impl PartialEq for ExpandedSecretKey
impl TryFrom<&[u8]> for ExpandedSecretKey
impl Eq for ExpandedSecretKey
impl ZeroizeOnDrop for ExpandedSecretKey
Available on crate feature zeroize only.